The Raritan Blog

When Considering a Centralized Management Solution, Know the Advantages of a Turn-Key Appliance

August 19, 2011

In the server world, an appliance is a completely enclosed turn-key unit, in which the operating system, application software and client interfaces are integrated into one easy to deploy package. Administrators don’t need to spend nearly as much time managing an appliance as they do a typical server. The hardware and software is pre-installed and configured by the manufacturer and is typically a plug and play device. Very secure, hardened appliances also require no management of security tools such as firewalls and anti-virus software. For several years, Raritan has provided its CommandCenter Secure Gateway centralized management solution in the form of an appliance. Rack mounted hardware and virtualized versions are available. The hardware (or physical) appliance is deployed as a two unit “cluster” for easy primary/secondary redundancy. When added scalability is needed, primary units can be set up in a multi-appliance “Neighborhood”.

Other solutions in the market are available simply as Windows or Linux applications and use what’s known as a “hub & spoke” configuration to enable scalability and redundancy. A hub & spoke solution consists of one primary host or “hub” server and one or more secondary “spoke” servers. Access & management application software is installed on each server in the configuration and are identified as either a hub or a spoke. Each hub & spoke server contains a database for storing user, configuration and system information. Each unit also serves as a point for authentication, user access rights, logging and licensing. One of the servers is assigned “hub” status and contains the system’s master database.

Because CC-SG is provided as a completely enclosed turn-key appliance, the operating system, application software and client interfaces are integrated into one easy to deploy package. Conversely, the leading hub & spoke solution consists of a software package which runs on servers that customers must provide themselves, manage and maintain. While CC-SG customers can look forward to an occasional firmware upgrade, hub & spoke administrators have to worry about maintaining server operating systems, firewalls, anti-virus software, spyware, hardware maintenance and much more.

It’s important to note that while the Neighborhood feature is an excellent option for increased scalability and other benefits, the performance of just one CC-SG exceeds the needs of a vast majority of organizations. A majority of customers install only one primary CC-SG, along with a backup unit if desired (i.e. one cluster). And in most cases, when a Neighborhood is deployed, they consist of only two units. Compare this to a hub & spoke configuration, which often includes three or more servers.

Other key benefits of appliances:

Less Network Overhead: Because CC-SG users enter the Neighborhood through only one of the member units – and can then access any target that’s connected to any other CC-SG in the Neighborhood, there is no synchronization of databases among the primary units. In terms of a cluster, the database of a CC-SG primary/backup cluster is kept in sync in real-time. No scheduled tasks are needed. And because updates are constant, they are very small – instead of scheduled bulk updates.

Network overhead in a hub & spoke configuration is considerably higher. Access to target devices is available from the hub or any of the spokes. And each server also has a role in failover and backup. As a result, to ensure accurate rights management, logging and reporting, significant database synchronization – and therefore significant use of the network – is required.

More Secure Access: CC-SG users access all targets – even those directly connected to and managed by other Neighborhood CC’s – through one “home” CC-SG. Users can use any of the Neighborhood units as their home CC-SG, but there is only one possible point of access to the Neighborhood. Administrators can ensure that all management occurs through one point of access.

Hub & spoke users can enter through any server in the configuration, so access rights management can be a significant chore. And, due to CC-SG’s low security profile, Linux-based appliance architecture, it is much more immune to viruses and hacking.

No Single Point of Failure: With the easy implementation of a CC-SG cluster, customers instantly eliminate any single points of failure. It’s worth noting that CC-SG primary units have an extremely high availability rate and the backup is rarely used.

Conversely, hub & spoke solutions often need to utilize a load balancing switch to help improve performance. In such a configuration, however, the load balancer is a single point of failure because it serves as a “front end” to the hub & spokes that all traffic must travel through first. A CC-SG Neighborhood does not require a “super-unit”, hub, or other single point of system management.

Lower TCO: A vast majority of CC-SG customers utilize a single cluster solution, which supports access to several thousand target devices by dozens, and sometimes hundreds of users, depending on the types of tasks performed. When a Neighborhood is deemed to be a good fit, there is often no need to expand past two primary units for maximum performance.

The typical hub & spoke configuration consists of three or more servers. More spokes means more licensing and warranty costs, more cost of administration, more rack space, more network cabling and more power consumption.

Appliance pricing, licensing and maintenance models are more straightforward and simple. They’re also more cost-effective. In a cluster for example, because only one unit at a time is being used to access IT resources, only a single license fee is charged. This saves customers thousands of dollars relative to the typical hub & spoke solution, which requires duplicate licenses for each server.

To summarize, compared to a more complex hub & spoke approach, which can require significant management overhead of multiple 3rd party servers, constant dB synchronization and complex licensing, appliances enlist a straightforward failover and expansion approach. Licensing is straightforward when compared to the often confusing array of licensing options needed to cover a variety of hub/spoke combinations. As a result, a typical appliance-based solution costs thousands less than a hub & spoke deployment.

Other Blog Posts

The Rapid Growth of AI and the Use of Raritan PDUs to Meet Higher Power Demands
Posted on October 11, 2023
Data Center Report Fewer Outages, But Downtime Still Costly
Posted on September 20, 2023
Survey: Energy Usage and Staffing Shortages Challenge Data Centers
Posted on September 20, 2023
Raritan Secure Switch: Secure NIAP 4.0 Compliant Desktop KVM
Posted on September 20, 2023
The Midwest is a Hot Market for Data Centers: How the New Generation of Intelligent Rack PDUs Can Save Cloud Giants Uptime and Money
Posted on September 7, 2023

View all Blog Posts

Subscribe


Upcoming Events

Advancing Data Center Construction West 2024
May 6 – 8  •  Salt Lake City, UT
Net Zero Data Center
May 16 – 17  •  Dallas, TX
7x24 Exchange Spring
June 9th  •  JW Marriott Orlando Grande Lakes

View all Events

Latest Raritan News

Legrand Certifications and Process Controls Provide Confidence in Information Security for Network-Connected Devices in Data-Related Applications
Posted on April 1, 2024
Legrand Releases Version 4.0 of Raritan’s Industry-Leading Secure KVM Switches, Raising Bar for Secure Desktop Access
Posted on July 31, 2023
Legrand Revitalizes Data Center Sector with Two Revolutionary Intelligent Rack PDUs
Posted on May 1, 2023
Raritan Reveals The MasterConsole® Digital Dual KVM Switch
Posted on February 18, 2021
Legrand Data, Power and Control Division Announced as Finalist in Six Categories at DCS Awards 2020
Posted on November 9, 2020

View all news